It is believed this crucial change to the Windows 10 ransomware helps the malicious software better evade security software.
It also means the ransomware wouldn’t be interrupted by processes which can impact encryption such as backup software.
The threat was highlighted in a post by Bleeping Computer, who said a previous version of REvil required a victim to manually reboot their PC in safe mode for the attack to be successful.
However, the latest revision of the malware gets round this by changing a user’s password to automate the entire process.
The latest REvil ransomware news comes after last month electronics giant Acer was reportedly hit by a REvil attack.
Attackers allegedly managed to get hold of financial information which they were demanding a multi-million pound ransom for.